1.3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-09	CVE-2020-25877	Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. network blackcat-cms CWE-79	3.5
2021-07-09	CVE-2020-25878	Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. network blackcat-cms CWE-79	3.5
2021-02-16	CVE-2021-27237	Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. network blackcat-cms CWE-79	3.5
2020-09-15	CVE-2020-25453	Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS An issue was discovered in BlackCat CMS before 1.4. network blackcat-cms CWE-352	6.8